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IN THE CLAIMS 

Please amend the claims as follows: 

1 . (Currently amended) A method for provisioning routing policy of a plurality of 
customer sites of a Virtual Private Network (VPN) in a packet switched network, the VPN 
established at least in part by constraining distribution of VPN routes within the network, 
comprising: 

graphically defining on the computer at least one topological relationship between said 
plurality of sites of said VPN, the at least one topological relationship defining permitted 
communication between the plurality of sites without explicit reference to links between routers 
of the underlying physical network ; and 

automatically generating at least one route distribution rule for provisioning to a router in 
the network at at least one of the plurality of sites of said VPN b ased at least in part on said 
defined relationship, the at least one route distribution rule constraining at least in part 
distribution by the router at the at least one of the plurality of sites of the VPN routes within the 
network. 

2. (Previously Presented) The method of claim 1, wherein automatically 
generating at least one route distribution rule comprises: 

automatically generating at least one import rule; 
automatically generating at least one local export rule; and 
automatically generating at least one remote export rule. 

3. (Previously Presented) The method of claim 1, wherein automatically 
generating at least one route distribution rule for each site comprises generating an import rule 
for discarding route information received from the respective site. 

4. (Currently amended) The method of claim 1, further comprising designating a 
VPN component, the VPN component representing permitted communication between the sites 
in the plurality of sites that are members of the VPN component, without explicit reference to 
links between physical elements of the underlying packet switched network; wherein 
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automatically generating at least one route distribution rule comprises generating, for a site of 
said plurality of sites, an import rule for accepting route information, in response to said site 
being a member of a mesh VPN component, received from any site of said plurality of sites 
which is a member of said mesh VPN component. 

5. (Currently amended) The method of claim 1, further comprising designating a 
VPN component, the VPN component representing permitted communication between the sites 
in the plurality of sites that are members of the VPN component, without explicit reference to 
links between physical elements of the underlying packet switched network; wherein 
automatically generating at least one route distribution rule comprises generating, for a site of 
said plurality of sites, an import rule for accepting route information, in response to said site 
being a hub of a hub-spoke VPN component, received from any site of said plurality of sites 
which is a member of said hub-spoke VPN component. 

6. (Currently amended) The method of claim 1, wherein automatically generating at 
least one route distribution rule comprises generating, for a site of said plurality of sites, an 
import rule for accepting route information, in response to said site being a spoke of a hub-spoke 
VPN component, received from any site of said plurality of sites which is a hub of said hub- 
spoke VPN component ; the hub-spoke VPN component representing permitted communication 
between the sites in the plurality of sites that are members of the hub-spoke VPN component, 
without explicit reference to links between physical elements of the underlying packet switched 
network; 

7. (Currently amended) The method of claim 1, further comprising graphically 
designating at least one VPN component, further comprising graphically designating a VPN 
component, the VPN component representing permitted communication between the sites in the 
plurality of sites that are members of the VPN component, without explicit reference to links 
between physical elements of the underlying packet switched network; wherein automatically 
generating at least one route distribution rule comprises automatically generating at least one 
local export rule, wherein the number of local export rules generated is at least equal to the 
number of VPN components of said VPN that the respective site is a member of. 
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8. (Currently amended) The method of claim 1, wherein automatically generating at 
least one route distribution rule comprises: 

graphically designating a VPN component, the VPN component representing permitted 
communication between the sites in the plurality of sites that are members of the VPN 
component, without explicit reference to links between physical elements of the underlying 
packet switched network; 

generating, for a site of said plurality of sites in response to said site being a member of a 
mesh VPN component, a local export rule for: 

accepting routes from a Provider Edge-Customer Edge (PE-CE) routing protocol; 
associating route information of said VPN to said accepted routes; and 
advertising said accepted routes and said route information to all members of said 
mesh VPN component. 

9. (Currently amended) The method of claim 1, wherein automatically generating at 
least one route distribution rule comprises: 

generating, for a site of said plurality of sites in response to said site being a hub of a hub- 
spoke VPN component, a local export rule for: 

accepting routes from a Provider Edge-Customer Edge (PE-CE) routing protocol; 

associating route information of said VPN to said accepted routes; and 

advertising said accepted routes and said route information to all members of said 
hub-spoke VPN component; 

the hub-spoke VPN component representing a permitted communication between 
the plurality of customer sites without explicit reference in the graphical definition of the 
VPN to links between physical elements of the underlying packet switched network . 

10. (Currently amended) The method of claim 1, wherein automatically generating at 
least one route distribution rule comprises: 

generating, for a site of said plurality of sites in response to said site being a spoke of a 
hub-spoke VPN component, a local export rule for: 

accepting routes from a Provider Edge-Customer Edge (PE-CE) routing protocol; 
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associating route information of said VPN to said accepted routes; and 
advertising said accepted routes and said route information to all members of said 
hub-spoke VPN component; 

wherein, the hub-spoke VPN component represents permitted communication 
between the plurality of sites without explicit reference in the graphical definition of the 
VPN to links between physical elements of the underlying packet switched network . 

1 1 . (Currently amended) The method of claim 1 , wherein automatically generating at 
least one route distribution rule comprises: 

generating, for a site of said plurality of sites in response to said site being a member of a 
VPN component, a plurality of local export rules for: 

accepting routes from a Provider Edge-Customer Edge (PE-CE) routing protocol; 

associating at least two sets of route information of said VPN to said accepted 
routes; and 

advertising said accepted routes and said route information to members of said 
respective VPN component; 

wherein the VPN component represents permitted communication between the 
plurality of sites without explicit reference in the graphical definition of the VPN to links 
between physical elements of the underlying packet switched network . 

12. (Currently amended) The method of claim 1, wherein automatically generating at 
least one route distribution rule for each site comprises generating a remote export rule for not 
advertising route information received from a site which is a member of a VPN component to a 
site which is not a member of said VPN component, said VPN component representing permitted 
communication between the sites in the plurality of sites that are members of the VPN 
component, without explicit reference in the graphical definition of the VPN to links between 
physical elements of the underlying packet switched network . 

13. (Currently amended) The method of claim 1, wherein automatically generating at 
least one route distribution rule for each site comprises generating, for a site of said plurality of 
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sites in response to said site being a member of at least two VPN components, a remote export 
rule for advertising route information received from a site which is a member of a first VPN 
component of said at least two VPN components to at least one site which is not a member of 
said first VPN component ; each VPN component representing permitted communication 
between the sites in the plurality of sites that are members of the VPN component, without 
explicit reference to links between physical elements of the underlying packet switched network . 

14. (Previously Presented) The method of claim 1, further comprising storing 
said at least one route distribution rule in a database. 

15. (Currently amended) A system for provisioning routing policy of a plurality of 
customer sites of a Virtual Private Network (VPN), in a packet switched network, the VPN 
established at least in part by constraining distribution of VPN routes within the network, and the 
plurality of customer sites including at least three sites; the system comprising : 

a graphical user interface, comprising: 

a display area graphically displaying at least one VPN component of said VPN a 
the VPN component representing permitted communication between sites included in the 
plurality of customer sites that are members of the VPN component, without explicit 
reference to links between physical elements of the underlying packet switched network, 
the VPN component being chosen from a group comprising a mesh configuration 
component and hub and spoke configuration component ; and 

a customer area displaying said plurality of sites, at least one of said plurality of 
sites operable to be dragged from said customer area to said display area, wherein 
dropping of said at least one site on a graphical representation of said at least one VPN 
component causes said at least one site to be displayed in said display area and to become 
a member of said VPN component and automatically generating at least one route 
distribution rule for constraining distribution of routes the at least one of said plurality of 
sites. 

16. Cancelled. 
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17. (Previously Presented) The system of claim 15, further comprising means 
for distributing said generated route distribution rule to a respective one of said plurality of sites 
of said VPN component. 

18. (Previously Presented) The system of claim 17, further comprising means 
for processing, by each site, route information received from said plurality of sites based at least 
in part on said at least one route distribution rule. 

19. (Original) The system of claim 18, further comprising means for establishing 
routing relations between said plurality of sites based at least in part on said processed routing 
information. 

20. (Previously Presented) The system of claim 15, further comprising a 
database operable to store said at least one route distribution rule. 

21-22. (Cancelled) 

23. (Currently amended) A method for provisioning routing policy of a plurality of 
customer sites of a Virtual Private Network (VPN), in a packet switched network, the VPN 
established at least in part by constraining distribution of VPN routes within the network, 
comprising: 

graphically displaying at least one VPN component of said VPN; 

enabling dragging of a representation of at least one site of said plurality of sites towards 
said at least one VPN component; 

enabling dropping of said representation of said at least one site on said representation of 
said at least one VPN component thereby causing said site to become a member of said VPN 
component; and 

automatically generating at least one route distribution rule for provisioning to each site 
of said plurality of sites based at least in part on a membership of said respective site, the at least 
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one route distribution rule constraining at least in part distribution of the VPN routes within the 
network; and 

storing said at least one route distribution rule and route information received from said 
plurality of sites in a database; 

The method of claim 22, wherein said route information comprises at least one route 
information item selected from the group consisting of a Route Distinguisher (RD), a Route 
Target (RT), a Site of Origin (SOO), a VPN ID, an Internet Protocol version 4 (IPv4) Prefix, and 
Next Hop Information (NH). 

24. (Currently amended) The method of claim 23 22, wherein said route information 
is denoted by a 6-tuple {RD, RT, SOO, VPNID, IPv4 Prefix, NH}, wherein RD denotes a 
Route Distinguisher, RT denotes a Route Target, SOO denotes a Site of Origin, VPN ID denotes 
a VPN ID, IPv4 Prefix denotes an Internet Protocol version 4 prefix, and NH denotes Next Hop 
Information. 

25. (Original) The method of claim 24, wherein automatically generating at least 
one routing rule comprises generating a routing rule for discarding route information received 
from site si, said routing rule being denoted as mask {0, 0, 1, 0, 0, 0}, value{0, 0, si, 0, 0, 0}, 
action = reject. 

26. (Original) The method of claim 24, wherein automatically generating at least 
one routing rule comprises generating a routing rule for accepting route information comprising 
a specified Route Target rtl, said second routing rule being denoted as mask {0, 1, 0, 0, 0, 0}, 
value {0, rtl, 0, 0, 0, 0}, action = permit. 

27. (Original) The method of claim 24, wherein automatically generating at least 
one routing rule comprises: 

automatically generating at least one local export rule and at least one remote export rule, 
said at least one local export rule and said at least one remote export rule being generically 
denoted by: 
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mask {0| I, 0| I, 0| 1, Ol 1, 32 bit mask for IPv4 Prefix, 0| 1}, Value {*, *, *, *, *, *}, 
action = reject I accept with {RD, RT, SOO, VPNJD, = , NH} . 

28. (Previously Presented) The method of claim 1, wherein the VPN routes establish 
label-switched paths through the network between the plurality of sites. 

29. (New) A computer-implemented method for provisioning routing policy of a 
plurality of customer sites of a virtual private network (VPN) within a packet switched network, 
the plurality of customer sites including at least three customer sites, and the VPN being 
established at least in part by constraining distribution of VPN routes within the network; the 
system comprising: 

graphically displaying a representation of at least one VPN component of said VPN, the 
VPN component representing a permitted communication between at least two of the plurality of 
customer sites without explicit reference to physical elements of the packet switched network; 

enabling graphically indicating, using a graphical representation of at least one site of 
said plurality of sites and said graphically displayed representation at least one VPN component, 
that said at least one site is to become a member of said VPN component; and 

automatically generating at least one route distribution rule for provisioning to at least 
one physical device comprising the packet switched network, the at least one route distribution 
rule constraining at least in part distribution of the VPN routes within the network based on the 
indication of membership of the at least one site in said at least one VPN component. 

30. (New) The method of claim 29, wherein the VPN routes establish label-switched 
paths through the network between the plurality of sites. 

31. (New) The method of claim 29, wherein automatically generating at least one 
route distribution rule comprises: 

automatically generating at least one import rule; and 
automatically generating at least one export rule. 
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32. (New) The method of claim 29, wherein the VPN component is chosen from a 
group comprising a mesh configuration VPN component and hub and spoke configuration VPN 
component. 
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